here. We're talking about system and information integrity. So what we're looking for is a guarantee that system has not been compromised and or the information hasn't been compromised by compromise. Modified, deleted, manipulated in some way other than authorized access.
So from our basic security requirements, we have three
we're gonna identify, report incorrect information and information system flaws in a timely manner. So with integrity, if, uh, we have vulnerabilities that also, of course effects the system integrity,
we're gonna provide protection from malicious code at appropriate locations within these systems.
So protection against the malicious code having entered into the system but also the capability of detecting once the malicious code has actually been in her. So, for instance, you know, certainly we want to protect in every way possible, you know, protect our system, Colonel,
uh, operating system as a whole.
But we also need a react of proactive and reactive controls. Really? What I'm getting at there. All right. And then, of course, we're gonna monitor information, alerts and advisories to take appropriate action in response. You know, we need a means of sifting through the alerts, configuring their alert. The alert precisely
so that When we do have the alert, it's clear what's going on.
And I gaily we should have the appropriate response. If we audit everything, not only does it kill performance, but it's very difficult to sift through and find what's meaningful. Okay, so what we're looking for is to detect system or flaws in the information,
prevent insertion of malicious code, but also to be able to detect it. And then we're gonna monitor the systems. Those are basic requirements. OK, now are derived. Security requirements were gonna update the malicious code protection mechanisms when new releases air available, we're gonna patch our system
essentially. Now again, that doesn't mean that we're gonna bypass configuration management. We're not in a bypass change control,
but ultimately we should have a patch management strategy in place and when especially security related patches, Air released. We need to get theirs onto the system.
We're going to scan the information system in real time
with intrusion detection systems with performance monitoring and security monitoring, making sure that the systems were protected. But also we're going to scan these files that come from external sources
here to peer sites are the worst thing ever from a perspective of security, the downloads from the Internet, what people bring in from home. We want to make sure those air scanned,
monitoring, inbound and outbound communications traffic again. Intrusion detection systems are extremely helpful here, looking at suspicious activity or activity that matches known violations. But also considering, you know, the fact that new attacks are happening all the time,
we have to have some means of looking for zero day attacks as well. So
maybe an I. D. S that analyzes behavior, not just matching a signature. And then, last but not least, we want to identify any sort of unauthorized use of an information system.
we should limit the use of the system to authorized users only. So being able to detect if there is unauthorized access, you know, is obviously very, very important.